Abstract

Automatic-dependent surveillance-broadcast (ADS-B) is a cornerstone of the next-generation digital sky and is now mandated in several countries. However, there have been many reports of serious security vulnerabilities in the ADS-B architecture. In this article, we demonstrate and evaluate the impact of multiple cyberattacks on ADS-B via remote radio frequency links that affected various network, processing, and display subsystems used within the ADS-B ecosystem. Overall, we implemented and tested 12 cyberattacks on ADS-B in a controlled environment, out of which 5 attacks were presented or implemented for the first time. For all these attacks, we developed a unique testbed that consists of 36 tested configurations. Each of the attacks was successful on various subsets of the tested configurations. In some attacks, we discovered wide qualitative variations and discrepancies in how particular configurations react to and treat ADS-B inputs that contain errors or contradicting flight information, with the main culprit almost always being the software implementation. In some other attacks, we managed to cause denial of service by remotely crashing/impacting more than 50% of the test set that corresponded to those attacks. We also implemented and report some practical countermeasures to these attacks. We demonstrated that the strong relationship between the received signal strength and the distance-to-emitter might help verify the aircraft's advertised ADS-B position and distance. For example, our best machine learning models achieved 90% accuracy in detecting attackers' spoofed ADS-B signals.

Highlights

  • Automatic Dependent Surveillance-Broadcast (ADS-B) is a surveillance technology whereby the position, identity, velocity, and other information of an aircraft are periodically broadcast up to 6.2 times in a second via a radio link to inform other aircraft and the ground station in the vicinity about the aircraft

  • The results show that most setups generally support ADS-B 1090 Extended Squitter (1090ES) cyclic redundancy check (CRC) error correction only up to 2 error bits

  • There were no visible attacker-injected aircraft on the screen, but the electronic flight bag (EFB) was silently affected by the DoS attack. This new invisible and silent ADS-B DoS attack that we propose and tested would be very challenging to detect without specific improvements in the ADS-B software aimed at mitigating the list of attacks that we described in this article
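
As an added illustration of the CRC error-correction highlight above (this is not code from the article or from any receiver it tested): a syndrome-table corrector for 112-bit 1090ES frames that repairs at most 2 error bits. The sample payload, the ICAO address 0xABCDEF and the policy of refusing repairs that touch the first 32 bits (DF/CA/ICAO) are assumptions made for this example.

```python
from itertools import combinations

GENERATOR = 0x1FFF409            # Mode S CRC-24 generator polynomial (25 bits)
MSG_BITS, DATA_BITS = 112, 88    # 1090ES long frame: 88 data bits + 24 parity bits

# Constructed sample payload: DF17/CA5 (0x8D), made-up ICAO 0xABCDEF, arbitrary ME field.
SAMPLE_DATA = 0x8DABCDEF58C382D690C8AC

def syndrome(frame):
    """Remainder of the 112-bit frame modulo the generator; 0 means parity checks."""
    for i in range(DATA_BITS):
        if frame & (1 << (MSG_BITS - 1 - i)):
            frame ^= GENERATOR << (DATA_BITS - 1 - i)
    return frame & 0xFFFFFF

def build_frame(data):
    """Append the 24 parity bits to an 88-bit payload."""
    return (data << 24) | syndrome(data << 24)

def build_table(max_errors=2):
    """Map syndrome -> error mask for every pattern of 1..max_errors flipped bits."""
    table = {}
    for n in range(1, max_errors + 1):
        for bits in combinations(range(MSG_BITS), n):
            mask = sum(1 << b for b in bits)
            s = syndrome(mask)
            # Two patterns sharing a syndrome cannot be told apart: mark as uncorrectable.
            table[s] = None if s in table else mask
    return table

def correct(frame, table, protected_bits=32):
    """Return the repaired frame, or None if it must be dropped.

    protected_bits is a policy assumed for this example: refuse any repair that
    would rewrite the leading DF/CA/ICAO bits, so that noise or a malformed frame
    is never "corrected" into a different aircraft identity.
    """
    s = syndrome(frame)
    if s == 0:
        return frame
    mask = table.get(s)
    if mask is None or mask >> (MSG_BITS - protected_bits):
        return None
    return frame ^ mask
```

Frames whose syndrome is not in the table (more than 2 flipped bits, or an ambiguous pattern) are dropped rather than guessed at, which keeps the receiver's behaviour on damaged input predictable.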


Summary

INTRODUCTION

ADS-B is not secure because it does not use basic security measures, e.g., authentication and encryption. To the best of our knowledge, we are the first to notice and subsequently study that two ADS-B signals with the same International Civil Aviation Organization (ICAO) address but different flight information (e.g., location) can induce a logical vulnerability in an ADS-B receiver and pose operational and decisional risks. The proliferation of mobile devices enables quick deployment of mobile cockpit services using different electronic flight bag (EFB) applications and portable ADS-B transceivers such as SkyEcho, Sentry, and echoUAT [10]. These mobile solutions, due to their low cost as well as ease of installation and usage, are becoming popular among users of general aviation.

OVERVIEW OF ADS-B
RELATED WORKS
ATTACKS ON ADS-B
Spoofing
Flooding
False distress signal
Coordinated attackers
Attacks on ADS-B CRC error handling
DoS attacks on the ADS-B protocol
Fuzzing avionics protocols
Logically-invalid data encoding
EXPERIMENTAL SETUP
Attacking hardware and devices
Receiving hardware and devices
Receiving software
RESULTS AND EVALUATION
DoS attacks on ADS-B protocol level
Results
Logically invalid data encoding
COUNTERMEASURES AND DEFENSES FOR ADS-B
Defense using the Doppler shift
Defense against coordinated attacks
Defense against other attacks
CONCLUSION